US hacker convicted for AT&T data theft in 2010

Hacker Andrew Auernheimer, also known as weev, was convicted in a federal court in New Jersey for accessing the email addresses of approximately 120,000 iPad users through one of AT&T's web sites. Auernheimer faces 5 years in prison for the offence which is classed as a federal crime in the US under the Computer Fraud and Abuse Act. Auernheimer says he is planning to appeal the conviction.

Auernheimer, who has in the past described himself as a troll, claimed to have acted in the public interest during the trial and categorised the hacking group Goatse Security (which he was a member of) as a legitimate research outfit. Auernheimer was arrested with his accomplice Daniel Spitler last year, after the pair had used an automated script to exploit poor security in AT&T's web site to obtain the email addresses. Spitler accepted a plea bargain in return for information on the pair's activities which included other plans, that were not carried out, to illegally obtain private information and exploit it for nefarious purposes.

The pair ultimately decided to hand over information about the security vulnerability to the Gawker news outlet with the goal of publicly shaming AT&T. In the original indictment, the prosecution say that chat logs showed that both hackers had the intention of receiving further financial gain from the data they extracted from AT&T through phishing and other schemes. The extracted data included the email addresses of several high profile personalities such as government and military officials, among them the email address of New York mayor Michael Bloomberg.

(fab)